We claim: 

1 . A method for protecting/ a net^rk from a virus contained in an e-mail message as 
executable code, the method comwrisiEfg: 

(a) receiving the e-mail message in a gatekeeper server; 

(b) converting the ^efxecufable code from an executable format to a non-executable 
format; and 

(c) forwarding the non-ekecutable format to the recipient of the e-mail message. 

2. The method of claim lj, wherein the executable code is contained in a body of the e- 
mail message. 

3. The method of claim 2, wherein the executable code comprises a hypertext link, 
and wherein step (b) comprises deactivating the hypertext link 




4. The method of claim 
the e-mail message. 

5 . The method of clailn 4 
(i) forwarding 



server: 



and 



(ii) converting 
sacrific al 

6. The method of claim 
sacrificial server for virus 

7. The method of claim 
sacrificial server from a 
device. 

8. The method of claim 



wherein the executable code is contained in an attachment 
wherein step (b) comprises: 

the attachment from the gatekeeper server to a sacrificial 



the attachment to the non-executable format on the 
server. 

5, wherein step (b) further comprises (iii) examining the 
activity. 

6, wherein step (b) further comprises (iv) rebooting the 
sjafe copy of an operating system obtained from a read-only 

wherein communications between the gatekeeper server 



and the sacrificial server are authenticated using a challenge-and-response technique. 
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(ii) detei 
appro^ 

(iii) if the 



9. The method of cl^frn 4, wherein step (b) comprises: 
(i) maintaining a list of approved attachment types; 

ning whether the attachment is of a type which is in the list of 
4<:d attachment types; and 
ttachment is not of a type which is in the list of approved 
attachment types, informing the recipient that a message containing a 
non-approved attachment has been received. 

10. The method of claim 1, wherein step (b) comprises: 
maintai ling a list of approved executable code; 

determining whether the executable code is in the list of approved 
executable code; and 
(iii) deactivating the executable code if the executable code is not in the list 
of approved executable code. 

1 1 . The method of claim 10, wherein: 

the list of approved executable code includes information for determining 
whether the approved e cecutable code has been altered; and 

omprises: 

ng whether the executable code has been altered; and 
ng the executable code if the executable code has been 



(i) 
(ii) 



step (b) further c 

(iv) determin 

(v) deactivat: 



altered. 

12. The method of claim} 11, wherein step (b)(iv) is performed through an algorithmic 
technique. 

13. The method of claiirl 12, wherein the algorithmic technique is a check-summing 
technique. 
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15. The method of claim 1 



(i) 



forming a 




14. The method of claim 12, wherein the algorithmic technique is a hashing 
technique. 

wherein step (b) comprises: 
first copy and a second copy of at least a portion of the e- 
mail messaj e containing the executable code; 

(ii) executing the executable code in the first copy but not the second copy; 
and 

(iii) after the executable code in the first copy has been executed, 
comparing the first copy to the second copy to determine an effect of 

e code. 

16. A system for protecting a network from a virus contained in an e-mail message as 



the executab 
sm for protecting 



executable code, the system comprising: 



a workstat 



network, for recei 



format to a non 



on computer on 



a gatekeeper server, in 



ring the e-mail i nessage; and 



the network used by an recipient of the e-mail message; 
dommunication with the workstation computer over the 



a computer on the network for converting the executable code from an executable 



-executable fomat and forwarding the non-executable format to the 



workstation computer. 

17. The system of claim 
e-mail message. 

18. The system of claim 



6, wherein the executable code is contained in a body of the 



7, wherein the executable code comprises a hypertext link, 
and wherein the computer for converting deactivates the hypertext link. 

19. The system of cla m 16, wherein the executable code is contained in an 
attachment in the e-mail message 
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20. The sys em of claim 16, wherein the computer for converting is a sacrificial server 
which is separate fi om the gatekeeper server. 

21. The sysj\em of claim 20, wherein the sacrificial server is examined for virus 
activity. 

22. The sy stein of claim 21, wherein the network further comprises a read-only 
device, and wherein the sacrificial server is rebooted from a safe copy of an operating 
system obtained from the read-only device. 

23. The systeri of claim 20, wherein communications between the gatekeeper server 
and the sacrificial server are authenticated using a challenge-and-response technique. 

24. The system of claim 16, wherein the network maintains a list of approved 
attachment ty : es, determines whether the attachment is of a type which is in the list of 
approved atta hment types, and, if the attachment is not of a type which is in the list 
of approved a tachment types, informs the recipient that a message containing a non- 
approved attachment has been received. 

25. The system of claim 16, wherein the network maintains a list of approved 
executable coc e, determines whether the executable code is in the list of approved 
executable coc e, and deactivates the executable code if the executable code is not in 
the list of approved executable code. 

of claim 25, wherein: 

of approved executable code includes information for determining 



26. The system 
the list 



whether the approved executable code has been altered; 



the netv 



ork determines whether the executable code has been altered; and 
the executable code is deactivated if the executable code has been altered. 
27. The system ©f claim 26, wherein the system determines whether the executable 
code has been altered thrc ugh an algorithmic technique. 
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28. The sJstem of claim 27, wherein the algorithmic technique is a check-summing 
technique. 

29. The s; astern of claim 27, wherein the algorithmic technique is a hashing technique. 

30. The system of claim 16, wherein the computer for converting converts the 
executable code bW: 

(i) forming a first copy and a second copy of at least a portion of the e- 
mail message containing the executable code; 

(ii) executing the executable code in the first copy but not the second copy; 
and 

10 (iii) after the executable code in the first copy has been executed, 

comparing the first copy to the second copy to determine an effect of 
the executable code. 

3 1. A sacrifficial server for use on a network, the sacrificial server comprising: 
ion means for receiving an e-mail attachment from the network; and 

rjieans for converting the e-mail attachment from an executable format to a 
at and for returning the e-mail attachment to the network. 

32. The sac rificial server of claim 31, wherein the sacrificial server is examined for 
virus activity. 

33. The sacHficial server of claim 32, wherein the sacrificial server further comprises 
20 a read-only device and is rebooted from a safe copy of an operating system obtained 

from the rea 1-only device. 

34. The sacqficial server of claim 31, wherein communications between the network 
and the sacrificial server are authenticated using a challenge-and-response technique. 

35. The sacrificial server of claim 31, wherein the sacrificial server stores a list of 
approved attachment types, determines whether the attachment is of a type which is in 




commumcft 
processing 
non-executable fo 
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the list of approved attachment types, and, if the attachment is not of a type which is 
in the list of a| proved attachment types, and informs the network that a message 
containing a noh -approved attachment has been received. 

36. The sacrificial server of claim 31, wherein the sacrificial server maintains a list of 
approved execuiable code, determines whether the attachment contains executable 
code and whether the executable code is in the list of approved executable code, and 
deactivates the executable code if the executable code is not in the list of approved 
executable code. 

37. The sacrificial server of claim 36, wherein: 

the list of approved executable code includes information for determining 
whether the approved executable code has been altered; 

if the executable code is in the list of approved executable code, the sacrificial 
server determines whether the executable code has been altered; and 

the executable code is deactivated if the executable code has been altered. 

38. The sacrificial server of claim 32, wherein the sacrificial server determines 
whether the executable cocle has been altered through the use of an algorithmic technique 

39. The sacrificial ^erver of claim 38, wherein the algorithmic technique is a check- 
summing technique. 

40. The sacrificial sdrver of claim 38, wherein the algorithmic technique is a hashing 
technique. 

41. The sacrificial server of claim 31, wherein the processing means converts the 
executable code by: 

(i) forming k first copy and a second copy of at least a portion of the e- 
mail message containing the executable code; 
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executing the executable code in the first copy but not the second copy; 
and 

after I the executable code in the first copy has been executed, 
comparing the first copy to the second copy to determine an effect of 
the executable code. 
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